[Webkit-unassigned] [Bug 258757] Undefined behavior in FunctionExecutable::lastLine()
bugzilla-daemon at webkit.org
Fri Jun 30 16:43:07 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258757
--- Comment #1 from Chris Dumez <cdumez at apple.com> ---
UnlinkedFunctionExecutable::m_lineCount is declared like so:
```
unsigned m_lineCount : 31;
```
It gets initialized like so:
```
, m_lineCount(node->lastLine() - node->firstLine())
```
Node::firstLine() is declared like so:
```
int firstLine() const { return m_position.line; }
```
JSTextPosition()'s default constructor initializes its default data members to -1:
```
// FIXME: these should be unsigned.
int line { -1 };
int offset { -1 };
int lineStartOffset { -1 };
```
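The chain quoted above, as an added example (not WebKit's code): a reduced model of the quoted declarations that shows what a 31-bit unsigned bitfield ends up holding when one of the positions is still the JSTextPosition default of -1, plus the range check a reviewer would want before the subtraction. The struct and function names are simplified stand-ins, not the real classes.

```cpp
#include <cstdint>

// Reduced model of the quoted declarations (constructed for illustration,
// not WebKit's actual JSTextPosition / Node / UnlinkedFunctionExecutable).
struct TextPosition {
    int line { -1 };   // JSTextPosition default: "unset" is encoded as -1
};

struct ParseNode {
    TextPosition first;
    TextPosition last;
    int firstLine() const { return first.line; }   // mirrors Node::firstLine()
    int lastLine() const { return last.line; }
};

struct UnlinkedExecutable {
    unsigned m_lineCount : 31;   // same width as the quoted bitfield
    explicit UnlinkedExecutable(const ParseNode& node)
        : m_lineCount(node.lastLine() - node.firstLine()) {}  // quoted initializer
    unsigned lineCount() const { return m_lineCount; }
};

// Value the bitfield actually holds for a given pair of line positions.
// The int difference is converted to unsigned and then reduced modulo 2^31
// by the bitfield width, so a negative difference becomes a huge count.
unsigned storedLineCount(int firstLine, int lastLine) {
    ParseNode node;
    node.first.line = firstLine;
    node.last.line = lastLine;
    return UnlinkedExecutable(node).lineCount();
}

// Defensive check before the subtraction: both positions must be set
// (not the -1 default) and ordered, otherwise the stored count is garbage.
bool lineRangeIsWellFormed(int firstLine, int lastLine) {
    return firstLine >= 0 && lastLine >= firstLine;
}
```

With firstLine 3 and lastLine still at the default -1, the bitfield stores 2^31 - 4 = 2147483644, which any later arithmetic on the line range will happily consume.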